Possible virus?

  • Thread starter Thread starter Robert Colgan
  • Start date Start date
R

Robert Colgan

Guest
I'm worried that I've somehow gotten the W32.Mytob virus. Earlier this
afternoon, I received the below email:

| from xxxxxxxxx@gmail.com
| to xxxxxxxxx@gmail.com (me)
| date Nov 28, 2007 9:50 PM
| subject Virus Found in message "Hello"
|
| Symantec AntiVirus found a virus in an attachment from
xxxxxxxxx@gmail.com.
|
| Attachment: bbkiu.zip
| Threat: W32.Mytob.AG@mm
| Action taken: Quarantine succeeded
| File status: Infected
|
| The message contains Unicode characters and has been sent as a
binary attachment.
|
| bbkiu.zip
| 1K Download

It surprised me, and while I do have Symantec AntiVirus, I'm not sure
how Symantec got to this email, since it was on Gmail's webmail
interface (it didn't look like Gmail's built-in anti-virus either --
it will display something about a virus next to the attachment, I
believe). Or, even, that it did at all -- I know many viruses
masquerade as anti-virus messages. So, I didn't download anything and
went on my merry business, thinking that whatever it was, as long as I
didn't download anything, I wouldn't get infected.

But later, I got the below "returned-to-sender" email. I'm concerned
that the virus somehow got on to one of my computers and is sending
emails. I'm running virus scans on both my computers, neither of which
have turned up anything, and I'm about to run the W32.Mytob@mm Removal
Tool from Symantec.
Is this something I need to be worried about?
P.S. "xxxxx@mail.hs.columbia.edu" is not anyone I know or that would
be in my address book

This is the returned-to-sender email I got:
| from Mail Delivery System <MAILER-DAEMON@alipes.hs.columbia.edu>
| to xxxxxxxxx@gmail.com, (me)
| date Nov 28, 2007 8:35 PM
| subject Undelivered Mail Returned to Sender
| mailed-by alipes.hs.columbia.edu
|
| This is the mail system at host alipes.hs.columbia.edu.
|
| I'm sorry to have to inform you that your message could not
| be delivered to one or more recipients. It's attached below.
|
| For further assistance, please send mail to <postmaster>|
|
| If you do so, please include this problem report. You can
| delete your own text from the attached returned message.
|
| The mail system
|
| <xxxxx@mail.hs.columbia.edu>: mail for mail.hs.columbia.edu loops
back to
| myself
|
| Final-Recipient: rfc822; xxxxx@mail.hs.columbia.edu
| Original-Recipient: rfc822;xxxxx@mail.hs.columbia.edu
| Action: failed
| Status: 5.4.6
| Diagnostic-Code: X-Postfix; mail for mail.hs.columbia.edu loops back
to myself
|
| ---------- Forwarded message ----------
| From: xxxxxxxxx@gmail.com
| To: xxxxx@mail.hs.columbia.edu
| Date: Thu, 29 Nov 2007 08:33:56 -0500
| Subject: Virus Found in message "HELLO"
| Symantec AntiVirus found a virus in an attachment from
xxxxxxxxx@gmail.com.
|
|
| Attachment: readme.scr
| Threat: W32.Mytob.AG@mm
| Action taken: Quarantine succeeded
| File status: Infected
and then there was this underneath:

ät¶
ó¯îþ0û\oq|mÌñÉþA4Q(tm)û(c)ןø3/4 EU´ØOEÁ3³ë\
|xþ"†FÌ%(c)-\úcXÉ5.ë;{3/4 OŽS4ÚÕÁ(tm){\X(tm)]Úí|À6§(tm)ˆë‰Øu.5åkºBOE![·oÞ-^i"´
‹Wu03l4I...1/4;Î '<<ÜÑR --dvî"ëÞi20ž†_,9^ây'mx j
Že„ê‰ ÓCÙŠLkòS '}§]PÛF8Í×ÞîCŠ,¨(R)(R)VKµ&ÆÒÅËM³µÍ¬>>{/<Ÿ~Ã-
„FJ|4Ão§*ùÍUeC`¨ôkÐ|´[9B£Žêsás±²->§O± ~^‡ô_Ö~Tõ·.P||2)üR-ef
ÉàÅÈqM&‡jeµó\ëÀ·f:%Q<àã&Ó‡„Ù I)ða!Hè...27dù^.5qB?qãÈ£6)ž4$10ßÉàÙVÊP§...
Îƈˆ4äÕ‹ž1/4 hd8ö(c)5*D‡\§nz4(R)£¤çžÐQN...gSÁ
'¶ón>Ê?>1ˆ" m 1/2¯ºÏ...¬>>(tm)¤mJÀÒí(tm)Ü°)f×J....´kà¤Õ,ŽŽgŽ*åHÖ¡¯Ù¢p"ÓRùÛÔÖü 2glL¿¥¨;
6ûvU„_C-c-TU-vÒƬ|ËKEw¯§%,3m쪚aãÁòÜËËeÌ-Ÿ¸‰êg '7CÒÞ*a1‡ó_À *.R§‡!
DSeòªFns î}ùKV[kç±l`Ý.,MŸ x"&9KP.Å„-v|NØ0J0É-eåsa¢¬ åý[7hº-
¡bëãÃ1/2 WáܲT*RÕð1/2þMêDÞäF3²(R)Úpd¬ÉÐ¥$p|"aƒT>>FhU›ºle<<ÙåI›ô3/43/4 oôñþetáÔ"Ò¥]$l....
#žx_
ý(tm)Ÿ²ðÅ2þ†'zÕÓ
Ò Ëq:--üºä""PB[Ú‰Äþ l÷ï--8qÎöÂÎg;G:!¨mÌ °sG{(R)ÃSÊ<<ÀX„~´åuGP\ÓuNH&×XLpm}¨
&*¥áv×'?ŠîßéÊÓÙ#‹->Úï‰3&vŠtéù j
' ŽåŒS?]å O/£Uú6Ü1/4›#èÝ̪æøæxJk:wÒ'¹¹ÛÏ[³&cDß³ñÏä6\>âù&0(c)(c)<<·WdÔÂù\%OEý¢N
Ê`FYÜŠÇ×Ó§þòÔI¤äBhìÈ;]wHÌ^Z}´((tm)jñéHLÝÞFPÄ
gß±^Ëu(ÂPAÉÊ¿~ÙÐ û¯<<!Zìàz3¤b³¯\('ØdIyýñPI†¢sâïlEh‡6å~`sEø6^¨ü ×Äñ‹ðú
$'à÷m·¬ð-cjÎŽèSÔÚ0§Œ^ÇÍÛžŸ¹ç{: Ǩ?ÀÃÖPË‹ÖŠO3OEÊa¹ã3/4 ÈÝDcK²à:
5NШ¶(ëy(tm)`6Ö|ºµµIn...ð-XFà v›PÍm¯)áÓjàÅÌéxgöÏK...|-
|}<*,›IÛõ~l(tm)‡>ÚŽrÎõ'FWÀ"¹Úže
>„~dn&`--Êb;...ì¿,ÃéUzâ"*|õ)~
*‰b
šW
‡<á-5Ó×Bïs'(tm)x÷ üÅ÷Ã4‡³1I†'|¬>û´cÌv>>£Ô-2#3/4 lw† a
¢KÌŸY 1/2 fŸ&WÙªJp,"îÃê¯Ò|XݳÝjUýõ(tm)~!´ *--àëÐ"ø¿xª¹&%¨!g H¬T²k^3/4&s²F"Öô`rº:
eÙ ¤À.Å2Zx†³"Ô¬C8|
ÈY‹vçPÍ(tm)†Rò'„l_ÃPÝš2Ù.(~å´§Ã??áj°þ4Îq}^-³£5èa £„1/4 mIiVz,ò)TD
³¬š0ÚÕ¥íÊEæ
<< tŸþ #sk :ÕòxH~Û'I‰§¶\á
ïøåJËZ¢ó9áÐ1/2¸"Rn0 1/4 2L0 3/4·"ï1/2Ï]÷üŽi[7(R)Éû"×ëOE†r56o<u‰øür|ÉöãÊú"¶<Á‡|S¡:
,ÒÙ?!ý*ìÇ ¹ÜÛ~ ljð¶¢H¯1/4 W^ý ô...³¯º--'3/4Å |c]š1f h
qÈxqÛ3/4ÚyQ߶1/4 SÊÄH³×Ó(tm)òÜÍÕ'ŽÎÃ3nøˆçc¿r
±xðF47DL¶*¬"zöâïVe}X'цköüìfvÞ5YܸïâTÓbHa £rt±´²Ã{°\(tm)±ÏjÂ(R)33(tm)'"4±3/4Ó‰
$>>w_}wöuGøWȯž>>XGŸÁcaûÇÁiÌ&|ÇŒ_Ø'}ŠttpOELÄÆPôCDûY5"î#Dê"°s,‡)j²óµ{OEé¿J'(R)„Fl>>ÖÑÖ<›Â|"MæoÔyy(tm)IB¯áíÝ0Õòa9ØÇï'çe>I 1/2 tüŸ¿¿Œ"%gõë¡~>
"ÛÛ
S¶Q[¤áÅg|...1/2óQx Žç)Œ"ý3
9ÝÆdQHŸ\J(c) Š
ä"GÌÆÄó- :>-YÝÏfhÆî.°Þ µ
òMÚŸ\{"a"MtO<<n5¿dÂ^ýÓÜþÇß...¶ÐÃ:~H,ŽC"1/4ò/KŽpÂ
úä[Þä‡)<<(tm)úáƒÆ|·0Gù# YñbñÚéð$Ò·µU/êð0¯^ð(tm)Ê×ß õØYÈë-npÅ3~...4^§11#ÚD
ZgHÅnC9'ò(c)(c)ÇzE Ç÷ [c&*rWE#)<<··(c))ÔV ÝãB¹YÞrY fÏ*YfvT‰
 
Re: Possible virus?

On Nov 28, 9:36 pm, Robert Colgan <RobertECol...@gmail.com> wrote:
> I'm worried that I've somehow gotten the W32.Mytob virus. Earlier this
> afternoon, I received the below email:
>
> | from xxxxxx...@gmail.com
> | to xxxxxx...@gmail.com (me)
> | date Nov 28, 2007 9:50 PM
> | subject Virus Found in message "Hello"
> |
> | Symantec AntiVirus found a virus in an attachment from
> xxxxxx...@gmail.com.
> |
> | Attachment: bbkiu.zip
> | Threat: W32.Mytob.AG@mm
> | Action taken: Quarantine succeeded
> | File status: Infected
> |
> | The message contains Unicode characters and has been sent as a
> binary attachment.
> |
> | bbkiu.zip
> | 1K Download
>
> It surprised me, and while I do have Symantec AntiVirus, I'm not sure
> how Symantec got to this email, since it was on Gmail's webmail
> interface (it didn't look like Gmail's built-in anti-virus either --
> it will display something about a virus next to the attachment, I
> believe). Or, even, that it did at all -- I know many viruses
> masquerade as anti-virus messages. So, I didn't download anything and
> went on my merry business, thinking that whatever it was, as long as I
> didn't download anything, I wouldn't get infected.
>
> But later, I got the below "returned-to-sender" email. I'm concerned
> that the virus somehow got on to one of my computers and is sending
> emails. I'm running virus scans on both my computers, neither of which
> have turned up anything, and I'm about to run the W32.Mytob@mm Removal
> Tool from Symantec.
> Is this something I need to be worried about?
> P.S. "xx...@mail.hs.columbia.edu" is not anyone I know or that would
> be in my address book
>
> This is the returned-to-sender email I got:
> | from Mail Delivery System <MAILER-DAE...@alipes.hs.columbia.edu>
> | to xxxxxx...@gmail.com, (me)
> | date Nov 28, 2007 8:35 PM
> | subject Undelivered Mail Returned to Sender
> | mailed-by alipes.hs.columbia.edu
> |
> | This is the mail system at host alipes.hs.columbia.edu.
> |
> | I'm sorry to have to inform you that your message could not
> | be delivered to one or more recipients. It's attached below.
> |
> | For further assistance, please send mail to <postmaster>|
> |
> | If you do so, please include this problem report. You can
> | delete your own text from the attached returned message.
> |
> | The mail system
> |
> | <xx...@mail.hs.columbia.edu>: mail for mail.hs.columbia.edu loops
> back to
> | myself
> |
> | Final-Recipient: rfc822; xx...@mail.hs.columbia.edu
> | Original-Recipient: rfc822;xx...@mail.hs.columbia.edu
> | Action: failed
> | Status: 5.4.6
> | Diagnostic-Code: X-Postfix; mail for mail.hs.columbia.edu loops back
> to myself
> |
>
> | ---------- Forwarded message ----------
> | From: xxxxxx...@gmail.com
> | To: xx...@mail.hs.columbia.edu
> | Date: Thu, 29 Nov 2007 08:33:56 -0500
> | Subject: Virus Found in message "HELLO"
> | Symantec AntiVirus found a virus in an attachment from
> xxxxxx...@gmail.com.
> |
> |
> | Attachment: readme.scr
> | Threat: W32.Mytob.AG@mm
> | Action taken: Quarantine succeeded
> | File status: Infected
> and then there was this underneath:
>
> ät¶
> ó¯îþ0û\oq|mÌñÉþA4Q(tm)û(c)ןø3/4 EU´ØOEÁ3³ë\
> |xþ"†FÌ%(c)-\úcXÉ5.ë;{3/4 OŽS4ÚÕÁ(tm){\X(tm)]Úí|À6§(tm)ˆë‰Øu.5åkºBOE![·oÞ-^i"´
> ‹Wu03l4I...1/4;Î '<<ÜÑR --dvî"ëÞi20ž†_,9^ây'mx j
> Že„ê‰ ÓCÙŠLkòS '}§]PÛF8Í×ÞîCŠ,¨(R)(R)VKµ&ÆÒÅËM³µÍ¬>>{/<Ÿ~Ã-
> „FJ|4Ão§*ùÍUeC`¨ôkÐ|´[9B£Žêsás±²->§O± ~^‡ô_Ö~Tõ·.P||2)üR-ef
> ÉàÅÈqM&‡jeµó\ëÀ·f:%Q<àã&Ó‡„Ù I)ða!Hè....27dù^.5qB?qãÈ£6)ž4$10ßÉàÙVÊP§...
> Îƈˆ4äÕ‹ž1/4 hd8ö(c)5*D‡\§nz4(R)£¤çžÐQN...gSÁ
> '¶ón>Ê?>1ˆ" m 1/2¯ºÏ...¬>>(tm)¤mJÀÒí(tm)Ü°)f×J...´kà¤Õ,ŽŽgŽ*åHÖ¡¯Ù¢p"ÓRùÛÔÖü 2glL¿¥¨;
> 6ûvU„_C-c-TU-vÒƬ|ËKEw¯§%,3m쪚aãÁòÜËËeÌ-Ÿ¸‰êg '7CÒÞ*a1‡ó_À *.R§‡!
> DSeòªFns î}ùKV[kç±l`Ý.,MŸ x"&9KP.Å„-v|NØ0J0É-eåsa¢¬ åý[7hº-
> ¡bëãÃ1/2 WáܲT*RÕð1/2þMêDÞäF3²(R)Úpd¬ÉÐ¥$p|"aƒT>>FhU›ºle<<ÙåI›ô3/43/4 oôñþetáÔ"Ò¥]$l...
> #žx_
> ý(tm)Ÿ²ðÅ2þ†'zÕÓ
> Ò Ëq:--üºä""PB[Ú‰Äþ l÷ï--8qÎöÂÎg;G:!¨mÌ °sG{(R)ÃSÊ<<ÀX„~´åuGP\ÓuNH&×XLpm}¨
> &*¥áv×'?ŠîßéÊÓÙ#‹->Úï‰3&vŠtéù j
> ' ŽåŒS?]å O/£Uú6Ü1/4›#èÝ̪æøæxJk:wÒ'¹¹ÛÏ[³&cDß³ñÏä6\>âù&0(c)(c)<<·WdÔÂù\%OEý¢N
> Ê`FYÜŠÇ×Ó§þòÔI¤äBhìÈ;]wHÌ^Z}´((tm)jñéHLÝÞFPÄ
> gß±^Ëu(ÂPAÉÊ¿~ÙÐ û¯<<!Zìàz3¤b³¯\('ØdIyýñPI†¢sâïlEh‡6å~`sEø6^¨ü ×Äñ‹ðú
> $'à÷m·¬ð-cjÎŽèSÔÚ0§Œ^ÇÍÛžŸ¹ç{: Ǩ?ÀÃÖPË‹ÖŠO3OEÊa¹ã3/4 ÈÝDcK²à:
> 5NШ¶(ëy(tm)`6Ö|ºµµIn...ð-XFà v›PÍm¯)áÓjàÅÌéxgöÏK...|-
> |}<*,›IÛõ~l(tm)‡>ÚŽrÎõ'FWÀ"¹Úže
> >„~dn&`--Êb;...ì¿,ÃéUzâ"*|õ)~
> *‰b
> šW
> ‡<á-5Ó×Bïs'(tm)x÷ üÅ÷Ã4‡³1I†'|¬>û´cÌv>>£Ô-2#3/4 lw† a
> ¢KÌŸY 1/2 fŸ&WÙªJp,"îÃê¯Ò|XݳÝjUýõ(tm)~!´ *--àëÐ"ø¿xª¹&%¨!g H¬T²k^3/4&s²F"Öô`rº:
> eÙ ¤À.Å2Zx†³"Ô¬C8|
> ÈY‹vçPÍ(tm)†Rò'„l_ÃPÝš2Ù.(~å´§Ã??áj°þ4Îq}^-³£5èa £„1/4 mIiVz,ò)TD
> ³¬š0ÚÕ¥íÊEæ
> << tŸþ #sk :ÕòxH~Û'I‰§¶\á
> ïøåJËZ¢ó9áÐ1/2¸"Rn0 1/4 2L0 3/4·"ï1/2Ï]÷üŽi[7(R)Éû"×ëOE†r56o<u‰øür|ÉöãÊú"¶<Á‡|S¡:
> ,ÒÙ?!ý*ìÇ ¹ÜÛ~ ljð¶¢H¯1/4 W^ý ô...³¯º--'3/4Å |c]š1f h
> qÈxqÛ3/4ÚyQ߶1/4 SÊÄH³×Ó(tm)òÜÍÕ'ŽÎÃ3nøˆçc¿r
> ±xðF47DL¶*¬"zöâïVe}X'цköüìfvÞ5YܸïâTÓbHa £rt±´²Ã{°\(tm)±ÏjÂ(R)33(tm)'"4±3/4Ó‰
> $>>w_}wöuGøWȯž>>XGŸÁcaûÇÁiÌ&|ÇŒ_Ø'}ŠttpOELÄÆPôCDûY5"î#Dê"°s,‡)j²óµ{OEé¿J'(R)„Fl>>ÖÑÖ<›Â|"MæoÔyy(tm)IB¯áíÝ0Õòa9ØÇï'çe>I 1/2 tüŸ¿¿Œ"%gõë¡~>
> "ÛÛ
> S¶Q[¤áÅg|...1/2óQx Žç)Œ"ý3
> 9ÝÆdQHŸ\J(c) Š
> ä"GÌÆÄó- :>-YÝÏfhÆî.°Þ µ
> òMÚŸ\{"a"MtO<<n5¿dÂ^ýÓÜþÇß...¶ÐÃ:~H,ŽC"1/4ò/KŽpÂ
> úä[Þä‡)<<(tm)úáƒÆ|·0Gù# YñbñÚéð$Ò·µU/êð0¯^ð(tm)Ê×ß õØYÈë-npÅ3~...4^§11#ÚD
> ZgHÅnC9'ò(c)(c)ÇzE Ç÷ [c&*rWE#)<<··(c))ÔV ÝãB¹YÞrY fÏ*YfvT‰

btw if you use Google Groups make sure to click "show quoted text" in
the first message to see the whole thing, which was a copy of a
forwarded message Groups is interpreting as quoted text.
 
Re: Possible virus?

The 'you are sending out infected mail' is as bogus as the 'you have an
infected computer' messages.

Delete them..

--
Mike Hall - MVP
http://msmvps.com/blogs/mikehall/default.aspx




"Robert Colgan" <RobertEColgan@gmail.com> wrote in message
news:6650687b-2e7c-442e-bf96-8166b8601bd6@w34g2000hsg.googlegroups.com...
I'm worried that I've somehow gotten the W32.Mytob virus. Earlier this
afternoon, I received the below email:

| from xxxxxxxxx@gmail.com
| to xxxxxxxxx@gmail.com (me)
| date Nov 28, 2007 9:50 PM
| subject Virus Found in message "Hello"
|
| Symantec AntiVirus found a virus in an attachment from
xxxxxxxxx@gmail.com.
|
| Attachment: bbkiu.zip
| Threat: W32.Mytob.AG@mm
| Action taken: Quarantine succeeded
| File status: Infected
|
| The message contains Unicode characters and has been sent as a
binary attachment.
|
| bbkiu.zip
| 1K Download

It surprised me, and while I do have Symantec AntiVirus, I'm not sure
how Symantec got to this email, since it was on Gmail's webmail
interface (it didn't look like Gmail's built-in anti-virus either --
it will display something about a virus next to the attachment, I
believe). Or, even, that it did at all -- I know many viruses
masquerade as anti-virus messages. So, I didn't download anything and
went on my merry business, thinking that whatever it was, as long as I
didn't download anything, I wouldn't get infected.

But later, I got the below "returned-to-sender" email. I'm concerned
that the virus somehow got on to one of my computers and is sending
emails. I'm running virus scans on both my computers, neither of which
have turned up anything, and I'm about to run the W32.Mytob@mm Removal
Tool from Symantec.
Is this something I need to be worried about?
P.S. "xxxxx@mail.hs.columbia.edu" is not anyone I know or that would
be in my address book

This is the returned-to-sender email I got:
| from Mail Delivery System <MAILER-DAEMON@alipes.hs.columbia.edu>
| to xxxxxxxxx@gmail.com, (me)
| date Nov 28, 2007 8:35 PM
| subject Undelivered Mail Returned to Sender
| mailed-by alipes.hs.columbia.edu
|
| This is the mail system at host alipes.hs.columbia.edu.
|
| I'm sorry to have to inform you that your message could not
| be delivered to one or more recipients. It's attached below.
|
| For further assistance, please send mail to <postmaster>|
|
| If you do so, please include this problem report. You can
| delete your own text from the attached returned message.
|
| The mail system
|
| <xxxxx@mail.hs.columbia.edu>: mail for mail.hs.columbia.edu loops
back to
| myself
|
| Final-Recipient: rfc822; xxxxx@mail.hs.columbia.edu
| Original-Recipient: rfc822;xxxxx@mail.hs.columbia.edu
| Action: failed
| Status: 5.4.6
| Diagnostic-Code: X-Postfix; mail for mail.hs.columbia.edu loops back
to myself
|
| ---------- Forwarded message ----------
| From: xxxxxxxxx@gmail.com
| To: xxxxx@mail.hs.columbia.edu
| Date: Thu, 29 Nov 2007 08:33:56 -0500
| Subject: Virus Found in message "HELLO"
| Symantec AntiVirus found a virus in an attachment from
xxxxxxxxx@gmail.com.
|
|
| Attachment: readme.scr
| Threat: W32.Mytob.AG@mm
| Action taken: Quarantine succeeded
| File status: Infected
and then there was this underneath:

ät¶
ó¯îþ0û\oq|mÌñÉþA4Q(tm)û(c)×Yø3/4 EU´ØOEÁ3³ë\
|xþ"?FÌ%(c)-\úcXÉ5.ë;{3/4
OZS4ÚÕÁ(tm){\X(tm)]Úí|À6§(tm)Ë?ë?Øu.5åkºBOE![·oÞ-^i"´
Ze"ê? ÓCÙSLkòS '}§]PÛF8Í×ÞîCS,¨(R)(R)VKµ&ÆÒÅËM³µÍ¬>>{/<Y~Ã-
"FJ|4Ão§*ùÍUeC`¨ôkÐ|´[9B£Zêsás±²->§O± ~^?ô_Ö~Tõ·.P||2)üR-ef
ÉàÅÈqM&?jeµó\ëÀ·f:%Q<àã&Ó?"Ù I)ða!Hè...27dù^.5qB?qãÈ£6)z4$10ßÉàÙVÊP§...
ÎÆ^^4äÕ '¶ón>Ê?>1^" m
1/2¯ºÏ...¬>>(tm)¤mJÀÒí(tm)Ü°)f×J...´kà¤Õ,ZZgZ*åHÖ¡¯Ù¢p"ÓRùÛÔÖü 2glL¿¥¨;
6ûvU"_C-c-TU-vÒƬ|ËKEw¯§%,3mìªsaãÁòÜËËeÌ-Y¸?êg '7CÒÞ*a1?ó_À *.R§?!
DSeòªFns î}ùKV[kç±l`Ý.,MY x"&9KP.Å"-v|NØ0J0É-eåsa¢¬ åý[7hº-
¡bëãÃ1/2 WáܲT*RÕð1/2þMêDÞäF3²(R)Úpd¬ÉÐ¥$p|"afT>>FhU>ºle<<ÙåI>ô3/43/4
oôñþetáÔ"Ò¥]$l...
#zx_
ý(tm)Y²ðÅ2þ?'zÕÓ
Ò Ëq:--üºä""PB[Ú?Äþ l÷ï--8qÎöÂÎg;G:!¨mÌ °sG{(R)ÃSÊ<<ÀX"~´åuGP\ÓuNH&×XLpm}¨
&*¥áv×'?SîßéÊÓÙ#<->Úï?3&vStéù j
' ZåOS?]å
O/£Uú6Ü1/4>#èÝ̪æøæxJk:wÒ'¹¹ÛÏ[³&cDß³ñÏä6\>âù&0(c)(c)<<·WdÔÂù\%OEý¢N
Ê`FYÜSÇ×Ó§þòÔI¤äBhìÈ;]wHÌ^Z}´((tm)jñéHLÝÞFPÄ
gß±^Ëu(ÂPAÉÊ¿~ÙÐ û¯<<!Zìàz3¤b³¯\('ØdIyýñPI?¢sâïlEh?6å~`sEø6^¨ü ×Äñ<ðú
$'à÷m·¬ð-cjÎZèSÔÚ0§O^ÇÍÛzY¹ç{: Ǩ?ÀÃÖPË<ÖSO3OEÊa¹ã3/4 ÈÝDcK²à:
5NШ¶(ëy(tm)`6Ö|ºµµIn...ð-XFà v>PÍm¯)áÓjàÅÌéxgöÏK...|-
|}<*,>IÛõ~l(tm)?>ÚZrÎõ'FWÀ"¹Úze
>"~dn&`--Êb;...ì¿,ÃéUzâ"*|õ)~
*?b
sW
?<á-5Ó×Bïs'(tm)x÷ üÅ÷Ã4?³1I?'|¬>û´cÌv>>£Ô-2#3/4 lw? a
¢KÌYY 1/2 fY&WÙªJp,"îÃê¯Ò|XݳÝjUýõ(tm)~!´ *--àëÐ"ø¿xª¹&%¨!g
H¬T²k^3/4&s²F"Öô`rº:
eÙ ¤À.Å2Zx?³"Ô¬C8|
ÈY ³¬s0ÚÕ¥íÊEæ
<< tYþ #sk :ÕòxH~Û'I?§¶\á
ïøåJËZ¢ó9áÐ1/2¸"Rn0 1/4 2L0
3/4·"ï1/2Ï]÷üZi[7(R)Éû"×ëOE?r56o<u?øür|ÉöãÊú"¶<Á?|S¡:
,ÒÙ?!ý*ìÇ ¹ÜÛ~ ljð¶¢H¯1/4 W^ý ô...³¯º--'3/4Å |c]s1f h
qÈxqÛ3/4ÚyQ߶1/4 SÊÄH³×Ó(tm)òÜÍÕ'ZÎÃ3nø^çc¿r
±xðF47DL¶*¬"zöâïVe}X'Ñ?köüìfvÞ5YܸïâTÓbHa
£rt±´²Ã{°\(tm)±ÏjÂ(R)33(tm)'"4±3/4Ó?
$>>w_}wöuGøWȯz>>XGYÁcaûÇÁiÌ&|ÇO_Ø'}SttpOELÄÆPôCDûY5"î#Dê"°s,?)j²óµ{OEé¿J'(R)"Fl>>ÖÑÖ<>Â|"MæoÔyy(tm)IB¯áíÝ0Õòa9ØÇï'çe>I
1/2 tüY¿¿O"%gõë¡~>
"ÛÛ
S¶Q[¤áÅg|...1/2óQx Zç)O"ý3
9ÝÆdQHY\J(c) S
ä"GÌÆÄó- :>-YÝÏfhÆî.°Þ µ
òMÚY\{"a"MtO<<n5¿dÂ^ýÓÜþÇß...¶ÐÃ:~H,ZC"1/4ò/KZpÂ
úä[Þä?)<<(tm)úáfÆ|Î?0Gù# YñbñÚéð$Ò·µU/êð0¯^ð(tm)Ê×ß õØYÈë-npÅ3~...4^§11#ÚD
ZgHÅnC9'ò(c)(c)ÇzE Ç÷ [c&*rWE#)<<··(c))ÔV ÝãB¹YÞrY fÏ*YfvT?
 
Re: Possible virus?

On Nov 28, 9:49 pm, "Mike Hall - MVP" <mikeh...@mvps.com> wrote:
> The 'you are sending out infected mail' is as bogus as the 'you have an
> infected computer' messages.
>
> Delete them..
>
> --
> Mike Hall - MVPhttp://msmvps.com/blogs/mikehall/default.aspx
>
> "Robert Colgan" <RobertECol...@gmail.com> wrote in message
>
> news:6650687b-2e7c-442e-bf96-8166b8601bd6@w34g2000hsg.googlegroups.com...
> I'm worried that I've somehow gotten the W32.Mytob virus. Earlier this
> afternoon, I received the below email:
>
> | from xxxxxx...@gmail.com
> | to xxxxxx...@gmail.com (me)
> | date Nov 28, 2007 9:50 PM
> | subject Virus Found in message "Hello"
> |
> | Symantec AntiVirus found a virus in an attachment from
> xxxxxx...@gmail.com.
> |
> | Attachment: bbkiu.zip
> | Threat: W32.Mytob.AG@mm
> | Action taken: Quarantine succeeded
> | File status: Infected
> |
> | The message contains Unicode characters and has been sent as a
> binary attachment.
> |
> | bbkiu.zip
> | 1K Download
>
> It surprised me, and while I do have Symantec AntiVirus, I'm not sure
> how Symantec got to this email, since it was on Gmail's webmail
> interface (it didn't look like Gmail's built-in anti-virus either --
> it will display something about a virus next to the attachment, I
> believe). Or, even, that it did at all -- I know many viruses
> masquerade as anti-virus messages. So, I didn't download anything and
> went on my merry business, thinking that whatever it was, as long as I
> didn't download anything, I wouldn't get infected.
>
> But later, I got the below "returned-to-sender" email. I'm concerned
> that the virus somehow got on to one of my computers and is sending
> emails. I'm running virus scans on both my computers, neither of which
> have turned up anything, and I'm about to run the W32.Mytob@mm Removal
> Tool from Symantec.
> Is this something I need to be worried about?
> P.S. "xx...@mail.hs.columbia.edu" is not anyone I know or that would
> be in my address book
>
> This is the returned-to-sender email I got:
> | from Mail Delivery System <MAILER-DAE...@alipes.hs.columbia.edu>
> | to xxxxxx...@gmail.com, (me)
> | date Nov 28, 2007 8:35 PM
> | subject Undelivered Mail Returned to Sender
> | mailed-by alipes.hs.columbia.edu
> |
> | This is the mail system at host alipes.hs.columbia.edu.
> |
> | I'm sorry to have to inform you that your message could not
> | be delivered to one or more recipients. It's attached below.
> |
> | For further assistance, please send mail to <postmaster>|
> |
> | If you do so, please include this problem report. You can
> | delete your own text from the attached returned message.
> |
> | The mail system
> |
> | <xx...@mail.hs.columbia.edu>: mail for mail.hs.columbia.edu loops
> back to
> | myself
> |
> | Final-Recipient: rfc822; xx...@mail.hs.columbia.edu
> | Original-Recipient: rfc822;xx...@mail.hs.columbia.edu
> | Action: failed
> | Status: 5.4.6
> | Diagnostic-Code: X-Postfix; mail for mail.hs.columbia.edu loops back
> to myself
> |
>
> | ---------- Forwarded message ----------
> | From: xxxxxx...@gmail.com
> | To: xx...@mail.hs.columbia.edu
> | Date: Thu, 29 Nov 2007 08:33:56 -0500
> | Subject: Virus Found in message "HELLO"
> | Symantec AntiVirus found a virus in an attachment from
> xxxxxx...@gmail.com.
> |
> |
> | Attachment: readme.scr
> | Threat: W32.Mytob.AG@mm
> | Action taken: Quarantine succeeded
> | File status: Infected
> and then there was this underneath:
>
> ät¶
> ó¯îþ0û\oq|mÌñÉþA4Q(tm)û(c)×Yø3/4 EU´ØOEÁ3³ë\
> |xþ"?FÌ%(c)-\úcXÉ5.ë;{3/4
> OZS4ÚÕÁ(tm){\X(tm)]Úí|À6§(tm)Ë?ë?Øu.5åkºBOE![·oÞ-^i"´
> Ze"ê? ÓCÙSLkòS '}§]PÛF8Í×ÞîCS,¨(R)(R)VKµ&ÆÒÅËM³µÍ¬>>{/<Y~Ã-
> "FJ|4Ão§*ùÍUeC`¨ôkÐ|´[9B£Zêsás±²->§O± ~^?ô_Ö~Tõ·.P||2)üR-ef
> ÉàÅÈqM&?jeµó\ëÀ·f:%Q<àã&Ó?"Ù I)ða!Hè...27dù^.5qB?qãÈ£6)z4$10ßÉàÙVÊP§...
> ÎÆ^^4äÕ '¶ón>Ê?>1^" m
> 1/2¯ºÏ...¬>>(tm)¤mJÀÒí(tm)Ü°)f×J...´kà¤Õ,ZZgZ*åHÖ¡¯Ù¢p"ÓRùÛÔÖü 2glL¿¥¨;
> 6ûvU"_C-c-TU-vÒƬ|ËKEw¯§%,3mìªsaãÁòÜËËeÌ-Y¸?êg '7CÒÞ*a1?ó_À *.R§?!
> DSeòªFns î}ùKV[kç±l`Ý.,MY x"&9KP.Å"-v|NØ0J0É-eåsa¢¬ åý[7hº-
> ¡bëãÃ1/2 WáܲT*RÕð1/2þMêDÞäF3²(R)Úpd¬ÉÐ¥$p|"afT>>FhU>ºle<<ÙåI>ô3/43/4
> oôñþetáÔ"Ò¥]$l...
> #zx_
> ý(tm)Y²ðÅ2þ?'zÕÓ
> Ò Ëq:--üºä""PB[Ú?Äþ l÷ï--8qÎöÂÎg;G:!¨mÌ °sG{(R)ÃSÊ<<ÀX"~´åuGP\ÓuNH&×XLpm}¨
> &*¥áv×'?SîßéÊÓÙ#<->Úï?3&vStéù j
> ' ZåOS?]å
> O/£Uú6Ü1/4>#èÝ̪æøæxJk:wÒ'¹¹ÛÏ[³&cDß³ñÏä6\>âù&0(c)(c)<<·WdÔÂù\%OEý¢N
> Ê`FYÜSÇ×Ó§þòÔI¤äBhìÈ;]wHÌ^Z}´((tm)jñéHLÝÞFPÄ
> gß±^Ëu(ÂPAÉÊ¿~ÙÐ û¯<<!Zìàz3¤b³¯\('ØdIyýñPI?¢sâïlEh?6å~`sEø6^¨ü ×Äñ<ðú
> $'à÷m·¬ð-cjÎZèSÔÚ0§O^ÇÍÛzY¹ç{: Ǩ?ÀÃÖPË<ÖSO3OEÊa¹ã3/4 ÈÝDcK²à:
> 5NШ¶(ëy(tm)`6Ö|ºµµIn...ð-XFà v>PÍm¯)áÓjàÅÌéxgöÏK...|-
> |}<*,>IÛõ~l(tm)?>ÚZrÎõ'FWÀ"¹Úze
> >"~dn&`--Êb;...ì¿,ÃéUzâ"*|õ)~
> *?b
> sW
> ?<á-5Ó×Bïs'(tm)x÷ üÅ÷Ã4?³1I?'|¬>û´cÌv>>£Ô-2#3/4 lw? a
> ¢KÌYY 1/2 fY&WÙªJp,"îÃê¯Ò|XݳÝjUýõ(tm)~!´ *--àëÐ"ø¿xª¹&%¨!g
> H¬T²k^3/4&s²F"Öô`rº:
> eÙ ¤À.Å2Zx?³"Ô¬C8|
> ÈY ³¬s0ÚÕ¥íÊEæ
> << tYþ #sk :ÕòxH~Û'I?§¶\á
> ïøåJËZ¢ó9áÐ1/2¸"Rn0 1/4 2L0
> 3/4·"ï1/2Ï]÷üZi[7(R)Éû"×ëOE?r56o<u?øür|ÉöãÊú"¶<Á?|S¡:
> ,ÒÙ?!ý*ìÇ ¹ÜÛ~ ljð¶¢H¯1/4 W^ý ô...³¯º--'3/4Å |c]s1f h
> qÈxqÛ3/4ÚyQ߶1/4 SÊÄH³×Ó(tm)òÜÍÕ'ZÎÃ3nø^çc¿r
> ±xðF47DL¶*¬"zöâïVe}X'Ñ?köüìfvÞ5YܸïâTÓbHa
> £rt±´²Ã{°\(tm)±ÏjÂ(R)33(tm)'"4±3/4Ó?
> $>>w_}wöuGøWȯz>>XGYÁcaûÇÁiÌ&|ÇO_Ø'}SttpOELÄÆPôCDûY5"î#Dê"°s,?)j²óµ{OEé¿J'(R)"Fl>>ÖÑÖ<>Â|"MæoÔyy(tm)IB¯áíÝ0Õòa9ØÇï'çe>I
> 1/2 tüY¿¿O"%gõë¡~>
> "ÛÛ
> S¶Q[¤áÅg|...1/2óQx Zç)O"ý3
> 9ÝÆdQHY\J(c) S
> ä"GÌÆÄó- :>-YÝÏfhÆî.°Þ µ
> òMÚY\{"a"MtO<<n5¿dÂ^ýÓÜþÇß...¶ÐÃ:~H,ZC"1/4ò/KZpÂ
> úä[Þä?)<<(tm)úáfÆ|Î?0Gù# YñbñÚéð$Ò·µU/êð0¯^ð(tm)Ê×ß õØYÈë-npÅ3~...4^§11#ÚD
> ZgHÅnC9'ò(c)(c)ÇzE Ç÷ [c&*rWE#)<<··(c))ÔV ÝãB¹YÞrY fÏ*YfvT?

But that's quite a coincidence, then, that I got one message (the
first one was from a person I know, by the way), and then a few hours
later I got a returned-to-sender message implying that I'm sending the
exact same emails as the one I reveived.
 
Re: Possible virus?

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/kb/827315

You can run a /thorough/ check for hijackware, including posting your
hijackthis log to an appropriate forum.

Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine2.blogspot.com/
http://www.elephantboycomputers.com/page2.html#Removing_Malware

When all else fails, HijackThis v2.0.2
(http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
analysis, not here.**

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User)
AumHa VSOP & Admin http://aumha.net
DTS-L.ORG http://66.39.69.143/


Robert Colgan wrote:
> I'm worried that I've somehow gotten the W32.Mytob virus. Earlier this
> afternoon, I received the below email:
>
>> from xxxxxxxxx@gmail.com
>> to xxxxxxxxx@gmail.com (me)
>> date Nov 28, 2007 9:50 PM
>> subject Virus Found in message "Hello"
>>
>> Symantec AntiVirus found a virus in an attachment from
> xxxxxxxxx@gmail.com.
>>
>> Attachment: bbkiu.zip
>> Threat: W32.Mytob.AG@mm
>> Action taken: Quarantine succeeded
>> File status: Infected
>>
>> The message contains Unicode characters and has been sent as a
> binary attachment.
>>
>> bbkiu.zip
>> 1K Download
>
> It surprised me, and while I do have Symantec AntiVirus, I'm not sure
> how Symantec got to this email, since it was on Gmail's webmail
> interface (it didn't look like Gmail's built-in anti-virus either --
> it will display something about a virus next to the attachment, I
> believe). Or, even, that it did at all -- I know many viruses
> masquerade as anti-virus messages. So, I didn't download anything and
> went on my merry business, thinking that whatever it was, as long as I
> didn't download anything, I wouldn't get infected.
>
> But later, I got the below "returned-to-sender" email. I'm concerned
> that the virus somehow got on to one of my computers and is sending
> emails. I'm running virus scans on both my computers, neither of which
> have turned up anything, and I'm about to run the W32.Mytob@mm Removal
> Tool from Symantec.
> Is this something I need to be worried about?
> P.S. "xxxxx@mail.hs.columbia.edu" is not anyone I know or that would
> be in my address book
>
> This is the returned-to-sender email I got:
>> from Mail Delivery System <MAILER-DAEMON@alipes.hs.columbia.edu>
>> to xxxxxxxxx@gmail.com, (me)
>> date Nov 28, 2007 8:35 PM
>> subject Undelivered Mail Returned to Sender
>> mailed-by alipes.hs.columbia.edu
>>
>> This is the mail system at host alipes.hs.columbia.edu.
>>
>> I'm sorry to have to inform you that your message could not
>> be delivered to one or more recipients. It's attached below.
>>
>> For further assistance, please send mail to <postmaster>|
>>
>> If you do so, please include this problem report. You can
>> delete your own text from the attached returned message.
>>
>> The mail system
>>
>> <xxxxx@mail.hs.columbia.edu>: mail for mail.hs.columbia.edu loops
> back to
>> myself
>>
>> Final-Recipient: rfc822; xxxxx@mail.hs.columbia.edu
>> Original-Recipient: rfc822;xxxxx@mail.hs.columbia.edu
>> Action: failed
>> Status: 5.4.6
>> Diagnostic-Code: X-Postfix; mail for mail.hs.columbia.edu loops back
> to myself
>>
>> ---------- Forwarded message ----------
>> From: xxxxxxxxx@gmail.com
>> To: xxxxx@mail.hs.columbia.edu
>> Date: Thu, 29 Nov 2007 08:33:56 -0500
>> Subject: Virus Found in message "HELLO"
>> Symantec AntiVirus found a virus in an attachment from
> xxxxxxxxx@gmail.com.
>>
>>
>> Attachment: readme.scr
>> Threat: W32.Mytob.AG@mm
>> Action taken: Quarantine succeeded
>> File status: Infected
> and then there was this underneath:
>
> ät¶
> ó¯îþ0û\oq|mÌñÉþA4Q(tm)û(c)ןø3/4 EU´ØOEÁ3³ë\
>> xþ"†FÌ%(c)-\úcXÉ5.ë;{3/4
>> OŽS4ÚÕÁ(tm){\X(tm)]Úí|À6§(tm)ˆë‰Øu.5åkºBOE![·oÞ-^i"´
> ‹Wu03l4I...1/4;Î '<<ÜÑR --dvî"ëÞi20ž†_,9^ây'mx j
> Že„ê‰ ÓCÙŠLkòS '}§]PÛF8Í×ÞîCŠ,¨(R)(R)VKµ&ÆÒÅËM³µÍ¬>>{/<Ÿ~Ã-
> „FJ|4Ão§*ùÍUeC`¨ôkÐ|´[9B£Žêsás±²->§O± ~^‡ô_Ö~Tõ·.P||2)üR-ef
> ÉàÅÈqM&‡jeµó\ëÀ·f:%Q<àã&Ó‡„Ù I)ða!Hè...27dù^.5qB?qãÈ£6)ž4$10ßÉàÙVÊP§...
> Îƈˆ4äÕ‹ž1/4 hd8ö(c)5*D‡\§nz4(R)£¤çžÐQN...gSÁ
> '¶ón>Ê?>1ˆ" m
> 1/2¯ºÏ...¬>>(tm)¤mJÀÒí(tm)Ü°)f×J...´kà¤Õ,ŽŽgŽ*åHÖ¡¯Ù¢p"ÓRùÛÔÖü 2glL¿¥¨;
> 6ûvU„_C-c-TU-vÒƬ|ËKEw¯§%,3m쪚aãÁòÜËËeÌ-Ÿ¸‰êg '7CÒÞ*a1‡ó_À *.R§‡!
> DSeòªFns î}ùKV[kç±l`Ý.,MŸ x"&9KP.Å„-v|NØ0J0É-eåsa¢¬ åý[7hº-
> ¡bëãÃ1/2 WáܲT*RÕð1/2þMêDÞäF3²(R)Úpd¬ÉÐ¥$p|"aƒT>>FhU›ºle<<ÙåI›ô3/43/4
> oôñþetáÔ"Ò¥]$l...
> #žx_
> ý(tm)Ÿ²ðÅ2þ†'zÕÓ
> Ò Ëq:--üºä""PB[Ú‰Äþ l÷ï--8qÎöÂÎg;G:!¨mÌ °sG{(R)ÃSÊ<<ÀX„~´åuGP\ÓuNH&×XLpm}¨
> &*¥áv×'?ŠîßéÊÓÙ#‹->Úï‰3&vŠtéù j
> ' ŽåŒS?]å
> O/£Uú6Ü1/4›#èÝ̪æøæxJk:wÒ'¹¹ÛÏ[³&cDß³ñÏä6\>âù&0(c)(c)<<·WdÔÂù\%OEý¢N
> Ê`FYÜŠÇ×Ó§þòÔI¤äBhìÈ;]wHÌ^Z}´((tm)jñéHLÝÞFPÄ
> gß±^Ëu(ÂPAÉÊ¿~ÙÐ û¯<<!Zìàz3¤b³¯\('ØdIyýñPI†¢sâïlEh‡6å~`sEø6^¨ü ×Äñ‹ðú
> $'à÷m·¬ð-cjÎŽèSÔÚ0§Œ^ÇÍÛžŸ¹ç{: Ǩ?ÀÃÖPË‹ÖŠO3OEÊa¹ã3/4 ÈÝDcK²à:
> 5NШ¶(ëy(tm)`6Ö|ºµµIn...ð-XFà v›PÍm¯)áÓjàÅÌéxgöÏK...|-
>> }<*,›IÛõ~l(tm)‡>ÚŽrÎõ'FWÀ"¹Úže
>> „~dn&`--Êb;...ì¿,ÃéUzâ"*|õ)~
> *‰b
> šW
> ‡<á-5Ó×Bïs'(tm)x÷ üÅ÷Ã4‡³1I†'|¬>û´cÌv>>£Ô-2#3/4 lw† a
> ¢KÌŸY 1/2 fŸ&WÙªJp,"îÃê¯Ò|XݳÝjUýõ(tm)~!´ *--àëÐ"ø¿xª¹&%¨!g
> H¬T²k^3/4&s²F"Öô`rº:
> eÙ ¤À.Å2Zx†³"Ô¬C8|
> ÈY‹vçPÍ(tm)†Rò'„l_ÃPÝš2Ù.(~å´§Ã??áj°þ4Îq}^-³£5èa £„1/4 mIiVz,ò)TD
> ³¬š0ÚÕ¥íÊEæ
> << tŸþ #sk :ÕòxH~Û'I‰§¶\á
> ïøåJËZ¢ó9áÐ1/2¸"Rn0 1/4 2L0
> 3/4·"ï1/2Ï]÷üŽi[7(R)Éû"×ëOE†r56o<u‰øür|ÉöãÊú"¶<Á‡|S¡:
> ,ÒÙ?!ý*ìÇ ¹ÜÛ~ ljð¶¢H¯1/4 W^ý ô...³¯º--'3/4Å |c]š1f h
> qÈxqÛ3/4ÚyQ߶1/4 SÊÄH³×Ó(tm)òÜÍÕ'ŽÎÃ3nøˆçc¿r
> ±xðF47DL¶*¬"zöâïVe}X'цköüìfvÞ5YܸïâTÓbHa
> £rt±´²Ã{°\(tm)±ÏjÂ(R)33(tm)'"4±3/4Ó‰
> $>>w_}wöuGøWȯž>>XGŸÁcaûÇÁiÌ&|ÇŒ_Ø'}ŠttpOELÄÆPôCDûY5"î#Dê"°s,‡)j²óµ{OEé¿J'(R)„Fl>>ÖÑÖ<›Â|"MæoÔyy(tm)IB¯áíÝ0Õòa9ØÇï'çe>I
> 1/2 tüŸ¿¿Œ"%gõë¡~>
> "ÛÛ
> S¶Q[¤áÅg|...1/2óQx Žç)Œ"ý3
> 9ÝÆdQHŸ\J(c) Š
> ä"GÌÆÄó- :>-YÝÏfhÆî.°Þ µ
> òMÚŸ\{"a"MtO<<n5¿dÂ^ýÓÜþÇß...¶ÐÃ:~H,ŽC"1/4ò/KŽpÂ
> úä[Þä‡)<<(tm)úáƒÆ|·0Gù# YñbñÚéð$Ò·µU/êð0¯^ð(tm)Ê×ß õØYÈë-npÅ3~...4^§11#ÚD
> ZgHÅnC9'ò(c)(c)ÇzE Ç÷ [c&*rWE#)<<··(c))ÔV ÝãB¹YÞrY fÏ*YfvT‰
 
Re: Possible virus?

On Nov 28, 10:38 pm, "PA Bear" <PABear...@gmail.com> wrote:
> Unexplained computer behavior may be caused by deceptive softwarehttp://support.microsoft.com/kb/827315
>
> You can run a /thorough/ check for hijackware, including posting your
> hijackthis log to an appropriate forum.
>
> Checking for/Help with Hijackwarehttp://aumha.org/a/parasite.htm
> http://aumha.org/a/quickfix.htm
> http://aumha.net/viewtopic.php?t=58...p://inetexplorer.mvps.org/data/prevention.htm
> http://inetexplorer.mvps.org/tshoot...tboycomputers.com/page2.html#Removing_Malware
>
> When all else fails, HijackThis v2.0.2
> (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use.
> It will help you to both identify and remove any hijackware/spyware with
> assistance from an expert. **Post your log tohttp://forums.spybot.info/forumdisplay.php?f=22,http://castlecops.com/forum67.html,...owforum=7,http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
> analysis, not here.**
>
> If the procedures look too complex - and there is no shame in admitting this
> isn't your cup of tea - take the machine to a local, reputable and
> independent (i.e., not BigBoxStoreUSA) computer repair shop.
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE, OE, Security, Shell/User)
> AumHa VSOP & Adminhttp://aumha.net
> DTS-L.ORGhttp://66.39.69.143/
>
> Robert Colgan wrote:
> > I'm worried that I've somehow gotten the W32.Mytob virus. Earlier this
> > afternoon, I received the below email:
>
> >> from xxxxxx...@gmail.com
> >> to xxxxxx...@gmail.com (me)
> >> date Nov 28, 2007 9:50 PM
> >> subject Virus Found in message "Hello"
>
> >> Symantec AntiVirus found a virus in an attachment from
> > xxxxxx...@gmail.com.
>
> >> Attachment: bbkiu.zip
> >> Threat: W32.Mytob.AG@mm
> >> Action taken: Quarantine succeeded
> >> File status: Infected
>
> >> The message contains Unicode characters and has been sent as a
> > binary attachment.
>
> >> bbkiu.zip
> >> 1K Download
>
> > It surprised me, and while I do have Symantec AntiVirus, I'm not sure
> > how Symantec got to this email, since it was on Gmail's webmail
> > interface (it didn't look like Gmail's built-in anti-virus either --
> > it will display something about a virus next to the attachment, I
> > believe). Or, even, that it did at all -- I know many viruses
> > masquerade as anti-virus messages. So, I didn't download anything and
> > went on my merry business, thinking that whatever it was, as long as I
> > didn't download anything, I wouldn't get infected.
>
> > But later, I got the below "returned-to-sender" email. I'm concerned
> > that the virus somehow got on to one of my computers and is sending
> > emails. I'm running virus scans on both my computers, neither of which
> > have turned up anything, and I'm about to run the W32.Mytob@mm Removal
> > Tool from Symantec.
> > Is this something I need to be worried about?
> > P.S. "xx...@mail.hs.columbia.edu" is not anyone I know or that would
> > be in my address book
>
> > This is the returned-to-sender email I got:
> >> from Mail Delivery System <MAILER-DAE...@alipes.hs.columbia.edu>
> >> to xxxxxx...@gmail.com, (me)
> >> date Nov 28, 2007 8:35 PM
> >> subject Undelivered Mail Returned to Sender
> >> mailed-by alipes.hs.columbia.edu
>
> >> This is the mail system at host alipes.hs.columbia.edu.
>
> >> I'm sorry to have to inform you that your message could not
> >> be delivered to one or more recipients. It's attached below.
>
> >> For further assistance, please send mail to <postmaster>|
>
> >> If you do so, please include this problem report. You can
> >> delete your own text from the attached returned message.
>
> >> The mail system
>
> >> <xx...@mail.hs.columbia.edu>: mail for mail.hs.columbia.edu loops
> > back to
> >> myself
>
> >> Final-Recipient: rfc822; xx...@mail.hs.columbia.edu
> >> Original-Recipient: rfc822;xx...@mail.hs.columbia.edu
> >> Action: failed
> >> Status: 5.4.6
> >> Diagnostic-Code: X-Postfix; mail for mail.hs.columbia.edu loops back
> > to myself
>
> >> ---------- Forwarded message ----------
> >> From: xxxxxx...@gmail.com
> >> To: xx...@mail.hs.columbia.edu
> >> Date: Thu, 29 Nov 2007 08:33:56 -0500
> >> Subject: Virus Found in message "HELLO"
> >> Symantec AntiVirus found a virus in an attachment from
> > xxxxxx...@gmail.com.
>
> >> Attachment: readme.scr
> >> Threat: W32.Mytob.AG@mm
> >> Action taken: Quarantine succeeded
> >> File status: Infected
> > and then there was this underneath:
>
> > ät¶
> > ó¯îþ0û\oq|mÌñÉþA4Q(tm)û(c)ןø3/4 EU´ØOEÁ3³ë\
> >> xþ"†FÌ%(c)-\úcXÉ5.ë;{3/4
> >> OŽS4ÚÕÁ(tm){\X(tm)]Úí|À6§(tm)ˆë‰Øu.5åkºBOE![·oÞ-^i"´
> > ‹Wu03l4I...1/4;Î '<<ÜÑR --dvî"ëÞi20ž†_,9^ây'mx j
> > Že„ê‰ ÓCÙŠLkòS '}§]PÛF8Í×ÞîCŠ,¨(R)(R)VKµ&ÆÒÅËM³µÍ¬>>{/<Ÿ~Ã-
> > „FJ|4Ão§*ùÍUeC`¨ôkÐ|´[9B£Žêsás±²->§O± ~^‡ô_Ö~Tõ·.P||2)üR-ef
> > ÉàÅÈqM&‡jeµó\ëÀ·f:%Q<àã&Ó‡„Ù I)ða!Hè....27dù^.5qB?qãÈ£6)ž4$10ßÉàÙVÊP§...
> > Îƈˆ4äÕ‹ž1/4 hd8ö(c)5*D‡\§nz4(R)£¤çžÐQN....gSÁ
> > '¶ón>Ê?>1ˆ" m
> > 1/2¯ºÏ...¬>>(tm)¤mJÀÒí(tm)Ü°)f×J...´kà¤Õ,ŽŽgŽ*åHÖ¡¯Ù¢p"ÓRùÛÔÖü 2glL¿¥¨;
> > 6ûvU„_C-c-TU-vÒƬ|ËKEw¯§%,3m쪚aãÁòÜËËeÌ-Ÿ¸‰êg '7CÒÞ*a1‡ó_À *.R§‡!
> > DSeòªFns î}ùKV[kç±l`Ý.,MŸ x"&9KP.Å„-v|NØ0J0É-eåsa¢¬ åý[7hº-
> > ¡bëãÃ1/2 WáܲT*RÕð1/2þMêDÞäF3²(R)Úpd¬ÉÐ¥$p|"aƒT>>FhU›ºle<<ÙåI›ô3/43/4
> > oôñþetáÔ"Ò¥]$l...
> > #žx_
> > ý(tm)Ÿ²ðÅ2þ†'zÕÓ
> > Ò Ëq:--üºä""PB[Ú‰Äþ l÷ï--8qÎöÂÎg;G:!¨mÌ °sG{(R)ÃSÊ<<ÀX„~´åuGP\ÓuNH&×XLpm}¨
> > &*¥áv×'?ŠîßéÊÓÙ#‹->Úï‰3&vŠtéù j
> > ' ŽåŒS?]å
> > O/£Uú6Ü1/4›#èÝ̪æøæxJk:wÒ'¹¹ÛÏ[³&cDß³ñÏä6\>âù&0(c)(c)<<·WdÔÂù\%OEý¢N
> > Ê`FYÜŠÇ×Ó§þòÔI¤äBhìÈ;]wHÌ^Z}´((tm)jñéHLÝÞFPÄ
> > gß±^Ëu(ÂPAÉÊ¿~ÙÐ û¯<<!Zìàz3¤b³¯\('ØdIyýñPI†¢sâïlEh‡6å~`sEø6^¨ü ×Äñ‹ðú
> > $'à÷m·¬ð-cjÎŽèSÔÚ0§Œ^ÇÍÛžŸ¹ç{: Ǩ?ÀÃÖPË‹ÖŠO3OEÊa¹ã3/4 ÈÝDcK²à:
> > 5NШ¶(ëy(tm)`6Ö|ºµµIn...ð-XFà v›PÍm¯)áÓjàÅÌéxgöÏK...|-
> >> }<*,›IÛõ~l(tm)‡>ÚŽrÎõ'FWÀ"¹Úže
> >> „~dn&`--Êb;...ì¿,ÃéUzâ"*|õ)~
> > *‰b
> > šW
> > ‡<á-5Ó×Bïs'(tm)x÷ üÅ÷Ã4‡³1I†'|¬>û´cÌv>>£Ô-2#3/4 lw† a
> > ¢KÌŸY 1/2 fŸ&WÙªJp,"îÃê¯Ò|XݳÝjUýõ(tm)~!´ *--àëÐ"ø¿xª¹&%¨!g
> > H¬T²k^3/4&s²F"Öô`rº:
> > eÙ ¤À.Å2Zx†³"Ô¬C8|
> > ÈY‹vçPÍ(tm)†Rò'„l_ÃPÝš2Ù.(~å´§Ã??áj°þ4Îq}^-³£5èa £„1/4 mIiVz,ò)TD
> > ³¬š0ÚÕ¥íÊEæ
> > << tŸþ #sk :ÕòxH~Û'I‰§¶\á
> > ïøåJËZ¢ó9áÐ1/2¸"Rn0 1/4 2L0
> > 3/4·"ï1/2Ï]÷üŽi[7(R)Éû"×ëOE†r56o<u‰øür|ÉöãÊú"¶<Á‡|S¡:
> > ,ÒÙ?!ý*ìÇ ¹ÜÛ~ ljð¶¢H¯1/4 W^ý ô...³¯º--'3/4Å |c]š1f h
> > qÈxqÛ3/4ÚyQ߶1/4 SÊÄH³×Ó(tm)òÜÍÕ'ŽÎÃ3nøˆçc¿r
> > ±xðF47DL¶*¬"zöâïVe}X'цköüìfvÞ5YܸïâTÓbHa
> > £rt±´²Ã{°\(tm)±ÏjÂ(R)33(tm)'"4±3/4Ó‰
> > $>>w_}wöuGøWȯž>>XGŸÁcaûÇÁiÌ&|ÇŒ_Ø'}ŠttpOELÄÆPôCDûY5"î#Dê"°s,‡)j²óµ{OEé¿J'(R)„Fl>>ÖÑÖ<›Â|"MæoÔyy(tm)IB¯áíÝ0Õòa9ØÇï'çe>I
> > 1/2 tüŸ¿¿Œ"%gõë¡~>
> > "ÛÛ
> > S¶Q[¤áÅg|...1/2óQx Žç)Œ"ý3
> > 9ÝÆdQHŸ\J(c) Š
> > ä"GÌÆÄó- :>-YÝÏfhÆî.°Þ µ
> > òMÚŸ\{"a"MtO<<n5¿dÂ^ýÓÜþÇß...¶ÐÃ:~H,ŽC"1/4ò/KŽpÂ
> > úä[Þä‡)<<(tm)úáƒÆ|·0Gù# YñbñÚéð$Ò·µU/êð0¯^ð(tm)Ê×ß õØYÈë-npÅ3~...4^§11#ÚD
> > ZgHÅnC9'ò(c)(c)ÇzE Ç÷ [c&*rWE#)<<··(c))ÔV ÝãB¹YÞrY fÏ*YfvT‰

This isn't my computer acting strangely -- so far, at least, the only
reason I have for suspecting a virus is 2 Gmail messages.
 
Re: Possible virus?

Robert Colgan wrote:
>
> I'm worried that I've somehow gotten the W32.Mytob virus. Earlier this
> afternoon, I received the below email:

Try some or all of the "online" virus scanners on the site below.


--
http://www.bootdisk.com/
 
Re: Possible virus?

Robert Colgan wrote:
> On Nov 28, 9:49 pm, "Mike Hall - MVP"
> <mikeh...@mvps.com> wrote:
>> The 'you are sending out infected mail' is as bogus
>> as the 'you have
>> an infected computer' messages.
>>
>> Delete them..
>>
>> --
>> Mike Hall -
>> MVPhttp://msmvps.com/blogs/mikehall/default.aspx
>>
>> "Robert Colgan" <RobertECol...@gmail.com> wrote in
>> message
>>
>> news:6650687b-2e7c-442e-bf96-8166b8601bd6@w34g2000hsg.googlegroups.com...
>> I'm worried that I've somehow gotten the W32.Mytob
>> virus. Earlier
>> this afternoon, I received the below email:
>>
>>> from xxxxxx...@gmail.com
>>> to xxxxxx...@gmail.com (me)
>>> date Nov 28, 2007 9:50 PM
>>> subject Virus Found in message "Hello"
>>>
>>> Symantec AntiVirus found a virus in an attachment
>>> from
>>> xxxxxx...@gmail.com.
>>>
>>> Attachment: bbkiu.zip
>>> Threat: W32.Mytob.AG@mm
>>> Action taken: Quarantine succeeded
>>> File status: Infected
>>>
>>> The message contains Unicode characters and has
>>> been sent as a
>> binary attachment.
>>>
>>> bbkiu.zip
>>> 1K Download
>>
>> It surprised me, and while I do have Symantec
>> AntiVirus, I'm not sure
>> how Symantec got to this email, since it was on
>> Gmail's webmail
>> interface (it didn't look like Gmail's built-in
>> anti-virus either --
>> it will display something about a virus next to the
>> attachment, I
>> believe). Or, even, that it did at all -- I know
>> many viruses
>> masquerade as anti-virus messages. So, I didn't
>> download anything and
>> went on my merry business, thinking that whatever it
>> was, as long as
>> I didn't download anything, I wouldn't get infected.
>>
>> But later, I got the below "returned-to-sender"
>> email. I'm concerned
>> that the virus somehow got on to one of my computers
>> and is sending
>> emails. I'm running virus scans on both my
>> computers, neither of
>> which have turned up anything, and I'm about to run
>> the W32.Mytob@mm
>> Removal Tool from Symantec.
>> Is this something I need to be worried about?
>> P.S. "xx...@mail.hs.columbia.edu" is not anyone I
>> know or that would
>> be in my address book
>>
>> This is the returned-to-sender email I got:
>>> from Mail Delivery System
>>> <MAILER-DAE...@alipes.hs.columbia.edu>
>>> to xxxxxx...@gmail.com, (me)
>>> date Nov 28, 2007 8:35 PM
>>> subject Undelivered Mail Returned to Sender
>>> mailed-by alipes.hs.columbia.edu
>>>
>>> This is the mail system at host
>>> alipes.hs.columbia.edu.
>>>
>>> I'm sorry to have to inform you that your message
>>> could not
>>> be delivered to one or more recipients. It's
>>> attached below.
>>>
>>> For further assistance, please send mail to
>>> <postmaster>|
>>>
>>> If you do so, please include this problem report.
>>> You can
>>> delete your own text from the attached returned
>>> message.
>>>
>>> The mail system
>>>
>>> <xx...@mail.hs.columbia.edu>: mail for
>>> mail.hs.columbia.edu loops
>> back to
>>> myself
>>>
>>> Final-Recipient: rfc822; xx...@mail.hs.columbia.edu
>>> Original-Recipient:
>>> rfc822;xx...@mail.hs.columbia.edu
>>> Action: failed
>>> Status: 5.4.6
>>> Diagnostic-Code: X-Postfix; mail for
>>> mail.hs.columbia.edu loops back
>> to myself
>>>
>>
>>> ---------- Forwarded message ----------
>>> From: xxxxxx...@gmail.com
>>> To: xx...@mail.hs.columbia.edu
>>> Date: Thu, 29 Nov 2007 08:33:56 -0500
>>> Subject: Virus Found in message "HELLO"
>>> Symantec AntiVirus found a virus in an attachment
>>> from
>>> xxxxxx...@gmail.com.
>>>
>>>
>>> Attachment: readme.scr
>>> Threat: W32.Mytob.AG@mm
>>> Action taken: Quarantine succeeded
>>> File status: Infected
>> and then there was this underneath:
>>
>> ät¶
>> ó¯îþ0û\oq|mÌñÉþA4Q(tm)û(c)×Yø3/4 EU´ØOEÁ3³ë\
>>> xþ"?FÌ%(c)-\úcXÉ5.ë;{3/4
>> OZS4ÚÕÁ(tm){\X(tm)]Úí|À6§(tm)Ë?ë?Øu.5åkºBOE![·oÞ-^i"´
>> Ze"ê? ÓCÙSLkòS
>> '}§]PÛF8Í×ÞîCS,¨(R)(R)VKµ&ÆÒÅËM³µÍ¬>>{/<Y~Ã-
>> "FJ|4Ão§*ùÍUeC`¨ôkÐ|´[9B£Zêsás±²->§O±
>> ~^?ô_Ö~Tõ·.P||2)üR-ef
>> ÉàÅÈqM&?jeµó\ëÀ·f:%Q<àã&Ó?"Ù
>> I)ða!Hè...27dù^.5qB?qãÈ£6)z4$10ßÉàÙVÊP§... ÎÆ^^4äÕ
>> '¶ón>Ê?>1^" m
>> 1/2¯ºÏ...¬>>(tm)¤mJÀÒí(tm)Ü°)f×J...´kà¤Õ,ZZgZ*åHÖ¡¯Ù¢p"ÓRùÛÔÖü
>> 2glL¿¥¨;
>> 6ûvU"_C-c-TU-vÒƬ|ËKEw¯§%,3mìªsaãÁòÜËËeÌ-Y¸?êg
>> '7CÒÞ*a1?ó_À *.R§?! DSeòªFns î}ùKV[kç±l`Ý.,MY
>> x"&9KP.Å"-v|NØ0J0É-eåsa¢¬ åý[7hº-
>> ¡bëãÃ1/2
>> WáܲT*RÕð1/2þMêDÞäF3²(R)Úpd¬ÉÐ¥$p|"afT>>FhU>ºle<<ÙåI>ô3/43/4
>> oôñþetáÔ"Ò¥]$l...
>> #zx_
>> ý(tm)Y²ðÅ2þ?'zÕÓ
>> Ò Ëq:--üºä""PB[Ú?Äþ l÷ï--8qÎöÂÎg;G:!¨mÌ
>> °sG{(R)ÃSÊ<<ÀX"~´åuGP\ÓuNH&×XLpm}¨
>> &*¥áv×'?SîßéÊÓÙ#<->Úï?3&vStéù j
>> ' ZåOS?]å
>> O/£Uú6Ü1/4>#èÝ̪æøæxJk:wÒ'¹¹ÛÏ[³&cDß³ñÏä6\>âù&0(c)(c)<<·WdÔÂù\%OEý¢N
>> Ê`FYÜSÇ×Ó§þòÔI¤äBhìÈ;]wHÌ^Z}´((tm)jñéHLÝÞFPÄ
>> gß±^Ëu(ÂPAÉÊ¿~ÙÐ
>> û¯<<!Zìàz3¤b³¯\('ØdIyýñPI?¢sâïlEh?6å~`sEø6^¨ü ×Äñ<ðú
>> $'à÷m·¬ð-cjÎZèSÔÚ0§O^ÇÍÛzY¹ç{:
>> Ǩ?ÀÃÖPË<ÖSO3OEÊa¹ã3/4 ÈÝDcK²à:
>> 5NШ¶(ëy(tm)`6Ö|ºµµIn...ð-XFÃ
>> v>PÍm¯)áÓjàÅÌéxgöÏK...|-
>>> }<*,>IÛõ~l(tm)?>ÚZrÎõ'FWÀ"¹Úze
>>> "~dn&`--Êb;...ì¿,ÃéUzâ"*|õ)~
>> *?b
>> sW
>> ?<á-5Ó×Bïs'(tm)x÷ üÅ÷Ã4?³1I?'|¬>û´cÌv>>£Ô-2#3/4 lw?
>> a
>> ¢KÌYY 1/2 fY&WÙªJp,"îÃê¯Ò|XݳÝjUýõ(tm)~!´
>> *--àëÐ"ø¿xª¹&%¨!g
>> H¬T²k^3/4&s²F"Öô`rº:
>> eÙ ¤À.Å2Zx?³"Ô¬C8|
>> ÈY ³¬s0ÚÕ¥íÊEæ
>> << tYþ #sk :ÕòxH~Û'I?§¶\á
>> ïøåJËZ¢ó9áÐ1/2¸"Rn0 1/4 2L0
>> 3/4·"ï1/2Ï]÷üZi[7(R)Éû"×ëOE?r56o<u?øür|ÉöãÊú"¶<Á?|S¡:
>> ,ÒÙ?!ý*ìÇ ¹ÜÛ~ ljð¶¢H¯1/4 W^ý ô...³¯º--'3/4Å |c]s1f
>> h
>> qÈxqÛ3/4ÚyQ߶1/4 SÊÄH³×Ó(tm)òÜÍÕ'ZÎÃ3nø^çc¿r
>> ±xðF47DL¶*¬"zöâïVe}X'Ñ?köüìfvÞ5YܸïâTÓbHa
>> £rt±´²Ã{°\(tm)±ÏjÂ(R)33(tm)'"4±3/4Ó?
>> $>>w_}wöuGøWȯz>>XGYÁcaûÇÁiÌ&|ÇO_Ø'}SttpOELÄÆPôCDûY5"î#Dê"°s,?)j²óµ{OEé¿J'(R)"Fl>>ÖÑÖ<>Â|"MæoÔyy(tm)IB¯áíÝ0Õòa9ØÇï'çe>I
>> 1/2 tüY¿¿O"%gõë¡~>
>> "ÛÛ
>> S¶Q[¤áÅg|...1/2óQx Zç)O"ý3
>> 9ÝÆdQHY\J(c) S
>> ä"GÌÆÄó- :>-YÝÏfhÆî.°Þ µ
>> òMÚY\{"a"MtO<<n5¿dÂ^ýÓÜþÇß...¶ÐÃ:~H,ZC"1/4ò/KZpÂ
>> úä[Þä?)<<(tm)úáfÆ|Î?0Gù# YñbñÚéð$Ò·µU/êð0¯^ð(tm)Ê×ß
>> õØYÈë-npÅ3~...4^§11#ÚD ZgHÅnC9'ò(c)(c)ÇzE Ç÷
>> [c&*rWE#)<<··(c))ÔV
>> ÝãB¹YÞrY fÏ*YfvT?
>
> But that's quite a coincidence, then, that I got one
> message (the
> first one was from a person I know, by the way), and
> then a few hours
> later I got a returned-to-sender message implying
> that I'm sending the
> exact same emails as the one I reveived.

But it's believable since you don't even have the savvy
to post, quote or even trim correctly. If your only
intent is to circumvent offered assistance with
improperly quoted posts, go finish your tests and
relax.
 
Re: Possible virus?

And I guess that's not strange, eh? YOu're quite a
whiz all right.

Robert Colgan wrote:
> On Nov 28, 10:38 pm, "PA Bear" <PABear...@gmail.com>
> wrote:
>> Unexplained computer behavior may be caused by
>> deceptive
>> softwarehttp://support.microsoft.com/kb/827315
>>
>> You can run a /thorough/ check for hijackware,
>> including posting your
>> hijackthis log to an appropriate forum.
>>
>> Checking for/Help with
>> Hijackwarehttp://aumha.org/a/parasite.htm
>> http://aumha.org/a/quickfix.htm
>>
>>
>> http://aumha.net/viewtopic.php?t=58...p://inetexplorer.mvps.org/data/prevention.htm
>> http://inetexplorer.mvps.org/tshoot...tboycomputers.com/page2.html#Removing_Malware
>>
>> When all else fails, HijackThis v2.0.2
>> (http://aumha.org/downloads/hijackthis.exe) is the
>> preferred tool to
>> use.
>> It will help you to both identify and remove any
>> hijackware/spyware
>> with
>> assistance from an expert. **Post your log
>> tohttp://forums.spybot.info/forumdisplay.php?f=22,http://castlecops.com/forum67.html,...owforum=7,http://aumha.net/viewforum.php?f=30,
>> or other appropriate forums for expert analysis, not
>> here.**
>>
>> If the procedures look too complex - and there is no
>> shame in
>> admitting this
>> isn't your cup of tea - take the machine to a local,
>> reputable and
>> independent (i.e., not BigBoxStoreUSA) computer
>> repair shop.
>> --
>> ~Robear Dyer (PA Bear)
>> MS MVP-Windows (IE, OE, Security, Shell/User)
>> AumHa VSOP & Adminhttp://aumha.net
>> DTS-L.ORGhttp://66.39.69.143/
>>
>> Robert Colgan wrote:
>>> I'm worried that I've somehow gotten the W32.Mytob
>>> virus. Earlier
>>> this afternoon, I received the below email:
>>
>>>> from xxxxxx...@gmail.com
>>>> to xxxxxx...@gmail.com (me)
>>>> date Nov 28, 2007 9:50 PM
>>>> subject Virus Found in message "Hello"
>>
>>>> Symantec AntiVirus found a virus in an attachment
>>>> from
>>> xxxxxx...@gmail.com.
>>
>>>> Attachment: bbkiu.zip
>>>> Threat: W32.Mytob.AG@mm
>>>> Action taken: Quarantine succeeded
>>>> File status: Infected
>>
>>>> The message contains Unicode characters and has
>>>> been sent as a
>>> binary attachment.
>>
>>>> bbkiu.zip
>>>> 1K Download
>>
>>> It surprised me, and while I do have Symantec
>>> AntiVirus, I'm not
>>> sure
>>> how Symantec got to this email, since it was on
>>> Gmail's webmail
>>> interface (it didn't look like Gmail's built-in
>>> anti-virus either --
>>> it will display something about a virus next to the
>>> attachment, I
>>> believe). Or, even, that it did at all -- I know
>>> many viruses
>>> masquerade as anti-virus messages. So, I didn't
>>> download anything
>>> and went on my merry business, thinking that
>>> whatever it was, as
>>> long as I didn't download anything, I wouldn't get
>>> infected.
>>
>>> But later, I got the below "returned-to-sender"
>>> email. I'm concerned
>>> that the virus somehow got on to one of my
>>> computers and is sending
>>> emails. I'm running virus scans on both my
>>> computers, neither of
>>> which have turned up anything, and I'm about to run
>>> the
>>> W32.Mytob@mm Removal Tool from Symantec.
>>> Is this something I need to be worried about?
>>> P.S. "xx...@mail.hs.columbia.edu" is not anyone I
>>> know or that would
>>> be in my address book
>>
>>> This is the returned-to-sender email I got:
>>>> from Mail Delivery System
>>>> <MAILER-DAE...@alipes.hs.columbia.edu>
>>>> to xxxxxx...@gmail.com, (me)
>>>> date Nov 28, 2007 8:35 PM
>>>> subject Undelivered Mail Returned to Sender
>>>> mailed-by alipes.hs.columbia.edu
>>
>>>> This is the mail system at host
>>>> alipes.hs.columbia.edu.
>>
>>>> I'm sorry to have to inform you that your message
>>>> could not
>>>> be delivered to one or more recipients. It's
>>>> attached below.
>>
>>>> For further assistance, please send mail to
>>>> <postmaster>|
>>
>>>> If you do so, please include this problem report.
>>>> You can
>>>> delete your own text from the attached returned
>>>> message.
>>
>>>> The mail system
>>
>>>> <xx...@mail.hs.columbia.edu>: mail for
>>>> mail.hs.columbia.edu loops
>>> back to
>>>> myself
>>
>>>> Final-Recipient: rfc822;
>>>> xx...@mail.hs.columbia.edu
>>>> Original-Recipient:
>>>> rfc822;xx...@mail.hs.columbia.edu
>>>> Action: failed
>>>> Status: 5.4.6
>>>> Diagnostic-Code: X-Postfix; mail for
>>>> mail.hs.columbia.edu loops
>>>> back
>>> to myself
>>
>>>> ---------- Forwarded message ----------
>>>> From: xxxxxx...@gmail.com
>>>> To: xx...@mail.hs.columbia.edu
>>>> Date: Thu, 29 Nov 2007 08:33:56 -0500
>>>> Subject: Virus Found in message "HELLO"
>>>> Symantec AntiVirus found a virus in an attachment
>>>> from
>>> xxxxxx...@gmail.com.
>>
>>>> Attachment: readme.scr
>>>> Threat: W32.Mytob.AG@mm
>>>> Action taken: Quarantine succeeded
>>>> File status: Infected
>>> and then there was this underneath:
>>
>>> ät¶
>>> ó¯îþ0û\oq|mÌñÉþA4Q(tm)û(c)×Yø3/4 EU´ØOEÁ3³ë\
>>>> xþ"?FÌ%(c)-\úcXÉ5.ë;{3/4
>>>> OZS4ÚÕÁ(tm){\X(tm)]Úí|À6§(tm)Ë?ë?Øu.5åkºBOE![·oÞ-^i"´
>>>>> Ze"ê? ÓCÙSLkòS
>>>>> '}§]PÛF8Í×ÞîCS,¨(R)(R)VKµ&ÆÒÅËM³µÍ¬>>{/<Y~Ã-
>>> "FJ|4Ão§*ùÍUeC`¨ôkÐ|´[9B£Zêsás±²->§O±
>>> ~^?ô_Ö~Tõ·.P||2)üR-ef
>>> ÉàÅÈqM&?jeµó\ëÀ·f:%Q<àã&Ó?"Ù
>>> I)ða!Hè...27dù^.5qB?qãÈ£6)z4$10ßÉàÙVÊP§... ÎÆ^^4äÕ
>>> > > '¶ón>Ê?>1^" m
>>> 1/2¯ºÏ...¬>>(tm)¤mJÀÒí(tm)Ü°)f×J...´kà¤Õ,ZZgZ*åHÖ¡¯Ù¢p"ÓRùÛÔÖü
>>> 2glL¿¥¨;
>>> 6ûvU"_C-c-TU-vÒƬ|ËKEw¯§%,3mìªsaãÁòÜËËeÌ-Y¸?êg
>>> '7CÒÞ*a1?ó_À *.R§?! DSeòªFns î}ùKV[kç±l`Ý.,MY
>>> x"&9KP.Å"-v|NØ0J0É-eåsa¢¬ åý[7hº-
>>> ¡bëãÃ1/2
>>> WáܲT*RÕð1/2þMêDÞäF3²(R)Úpd¬ÉÐ¥$p|"afT>>FhU>ºle<<ÙåI>ô3/43/4
>>> oôñþetáÔ"Ò¥]$l... #zx_
>>> ý(tm)Y²ðÅ2þ?'zÕÓ
>>> Ò Ëq:--üºä""PB[Ú?Äþ l÷ï--8qÎöÂÎg;G:!¨mÌ
>>> °sG{(R)ÃSÊ<<ÀX"~´åuGP\ÓuNH&×XLpm}¨
>>> &*¥áv×'?SîßéÊÓÙ#<->Úï?3&vStéù j
>>> ' ZåOS?]å
>>> O/£Uú6Ü1/4>#èÝ̪æøæxJk:wÒ'¹¹ÛÏ[³&cDß³ñÏä6\>âù&0(c)(c)<<·WdÔÂù\%OEý¢N
>>> Ê`FYÜSÇ×Ó§þòÔI¤äBhìÈ;]wHÌ^Z}´((tm)jñéHLÝÞFPÄ
>>> gß±^Ëu(ÂPAÉÊ¿~ÙÐ
>>> û¯<<!Zìàz3¤b³¯\('ØdIyýñPI?¢sâïlEh?6å~`sEø6^¨ü
>>> ×Äñ<ðú $'à÷m·¬ð-cjÎZèSÔÚ0§O^ÇÍÛzY¹ç{:
>>> Ǩ?ÀÃÖPË<ÖSO3OEÊa¹ã3/4
>>> ÈÝDcK²à: 5NШ¶(ëy(tm)`6Ö|ºµµIn...ð-XFÃ
>>> v>PÍm¯)áÓjàÅÌéxgöÏK...|-
>>>> }<*,>IÛõ~l(tm)?>ÚZrÎõ'FWÀ"¹Úze
>>>> "~dn&`--Êb;...ì¿,ÃéUzâ"*|õ)~
>>> *?b
>>> sW
>>> ?<á-5Ó×Bïs'(tm)x÷ üÅ÷Ã4?³1I?'|¬>û´cÌv>>£Ô-2#3/4 lw?
>>> a
>>> ¢KÌYY 1/2 fY&WÙªJp,"îÃê¯Ò|XݳÝjUýõ(tm)~!´
>>> *--àëÐ"ø¿xª¹&%¨!g
>>> H¬T²k^3/4&s²F"Öô`rº:
>>> eÙ ¤À.Å2Zx?³"Ô¬C8|
>>> ÈY > > ³¬s0ÚÕ¥íÊEæ
>>> << tYþ #sk :ÕòxH~Û'I?§¶\á
>>> ïøåJËZ¢ó9áÐ1/2¸"Rn0 1/4 2L0
>>> 3/4·"ï1/2Ï]÷üZi[7(R)Éû"×ëOE?r56o<u?øür|ÉöãÊú"¶<Á?|S¡:
>>> ,ÒÙ?!ý*ìÇ ¹ÜÛ~ ljð¶¢H¯1/4 W^ý ô...³¯º--'3/4ÅÂ
>>> |c]s1f h
>>> qÈxqÛ3/4ÚyQ߶1/4 SÊÄH³×Ó(tm)òÜÍÕ'ZÎÃ3nø^çc¿r
>>> ±xðF47DL¶*¬"zöâïVe}X'Ñ?köüìfvÞ5YܸïâTÓbHa
>>> £rt±´²Ã{°\(tm)±ÏjÂ(R)33(tm)'"4±3/4Ó?
>>> $>>w_}wöuGøWȯz>>XGYÁcaûÇÁiÌ&|ÇO_Ø'}SttpOELÄÆPôCDûY5"î#Dê"°s,?)j²óµ{OEé¿J'(R)"Fl>>ÖÑÖ<>Â|"MæoÔyy(tm)IB¯áíÝ0Õòa9ØÇï'çe>I
>>> 1/2 tüY¿¿O"%gõë¡~>
>>> "ÛÛ
>>> S¶Q[¤áÅg|...1/2óQx Zç)O"ý3
>>> 9ÝÆdQHY\J(c) S
>>> ä"GÌÆÄó- :>-YÝÏfhÆî.°Þ µ
>>> òMÚY\{"a"MtO<<n5¿dÂ^ýÓÜþÇß...¶ÐÃ:~H,ZC"1/4ò/KZpÂ
>>> úä[Þä?)<<(tm)úáfÆ|Î?0Gù# YñbñÚéð$Ò·µU/êð0¯^ð(tm)Ê×ß
>>> õØYÈë-npÅ3~...4^§11#ÚD ZgHÅnC9'ò(c)(c)ÇzE Ç÷
>>> [c&*rWE#)<<··(c))ÔV
>>> ÝãB¹YÞrY fÏ*YfvT?
>
> This isn't my computer acting strangely -- so far, at
> least, the only
> reason I have for suspecting a virus is 2 Gmail
> messages.
 

Similar threads

C
Windows 10 Hello! I have been having problems with .jar flies how do I fix this problem?
Replies
0
Views
174
Charlie1234566
C
V
How to use "The extended ASCII codes (character code 128255)"?
Replies
0
Views
169
V.K.S.B.K
V
B
I really need to know, What even language is this lol... all i'm reading is"CallBack_ConfigureWindowsFoundationImage:Image is not Windows foundation i
Replies
0
Views
123
babyjayhudis
B
K
Word content transfer issue in interface.
Replies
0
Views
85
khalil_kazi
K
EDN Admin
Help Working with an unknown SDK
Replies
0
Views
118
EDN Admin
EDN Admin
Back
Top